9c626bbbe02462381065dd69c1bdee12d3a7e7bb0e310b2b8e01531debbfdf0c

Analysis

max time kernel
1799s
max time network
1708s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19-11-2024 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

m3u8.m3u8
Size

1KB
MD5

f624f547a68982a19fddd6778e666e40
SHA1

eb0f01788d7594bebe5815611e38aecb69c73f1b
SHA256

9c626bbbe02462381065dd69c1bdee12d3a7e7bb0e310b2b8e01531debbfdf0c
SHA512

f1141e887219f83948d40da0223cbc6c7b6ad2626562adae4841cfae10637bae0c1d8b3ae900f6b52ede0d0de6e3f89a0445cb21c0cf5d60f5a0ca86c4a9d5cf

Score

8^/10

adware defense_evasion discovery evasion persistence privilege_escalation stealer trojan

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.51\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable"	setup.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 45 IoCs

pid	Process
864	RobloxPlayerInstaller.exe
2640	MicrosoftEdgeWebview2Setup.exe
4644	MicrosoftEdgeUpdate.exe
4440	MicrosoftEdgeUpdate.exe
3348	MicrosoftEdgeUpdate.exe
1176	MicrosoftEdgeUpdateComRegisterShell64.exe
1600	MicrosoftEdgeUpdateComRegisterShell64.exe
324	MicrosoftEdgeUpdateComRegisterShell64.exe
3396	MicrosoftEdgeUpdate.exe
1448	MicrosoftEdgeUpdate.exe
2008	MicrosoftEdgeUpdate.exe
708	MicrosoftEdgeUpdate.exe
1852	MicrosoftEdge_X64_131.0.2903.51.exe
4984	setup.exe
1632	setup.exe
3852	MicrosoftEdgeUpdate.exe
3760	RobloxPlayerBeta.exe
640	RobloxPlayerInstaller.exe
5024	RobloxPlayerBeta.exe
1000	MicrosoftEdgeUpdate.exe
1812	MicrosoftEdgeUpdate.exe
1744	MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe
4628	MicrosoftEdgeUpdate.exe
2820	MicrosoftEdgeUpdate.exe
4724	MicrosoftEdgeUpdate.exe
1292	MicrosoftEdgeUpdate.exe
1612	MicrosoftEdgeUpdateComRegisterShell64.exe
1340	MicrosoftEdgeUpdateComRegisterShell64.exe
1768	MicrosoftEdgeUpdateComRegisterShell64.exe
2872	MicrosoftEdgeUpdate.exe
4484	MicrosoftEdgeUpdate.exe
1852	MicrosoftEdgeUpdate.exe
4832	MicrosoftEdgeUpdate.exe
1504	MicrosoftEdge_X64_131.0.2903.51.exe
1428	setup.exe
4560	setup.exe
4540	setup.exe
2100	setup.exe
4336	setup.exe
2144	setup.exe
984	setup.exe
860	setup.exe
2876	setup.exe
3672	setup.exe
4472	MicrosoftEdgeUpdate.exe

Loads dropped DLL 39 IoCs

pid	Process
4644	MicrosoftEdgeUpdate.exe
4440	MicrosoftEdgeUpdate.exe
3348	MicrosoftEdgeUpdate.exe
1176	MicrosoftEdgeUpdateComRegisterShell64.exe
3348	MicrosoftEdgeUpdate.exe
1600	MicrosoftEdgeUpdateComRegisterShell64.exe
3348	MicrosoftEdgeUpdate.exe
324	MicrosoftEdgeUpdateComRegisterShell64.exe
3348	MicrosoftEdgeUpdate.exe
3396	MicrosoftEdgeUpdate.exe
1448	MicrosoftEdgeUpdate.exe
2008	MicrosoftEdgeUpdate.exe
2008	MicrosoftEdgeUpdate.exe
1448	MicrosoftEdgeUpdate.exe
708	MicrosoftEdgeUpdate.exe
3852	MicrosoftEdgeUpdate.exe
3760	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
1000	MicrosoftEdgeUpdate.exe
1812	MicrosoftEdgeUpdate.exe
1812	MicrosoftEdgeUpdate.exe
1000	MicrosoftEdgeUpdate.exe
4628	MicrosoftEdgeUpdate.exe
2820	MicrosoftEdgeUpdate.exe
4724	MicrosoftEdgeUpdate.exe
1292	MicrosoftEdgeUpdate.exe
1612	MicrosoftEdgeUpdateComRegisterShell64.exe
1292	MicrosoftEdgeUpdate.exe
1340	MicrosoftEdgeUpdateComRegisterShell64.exe
1292	MicrosoftEdgeUpdate.exe
1768	MicrosoftEdgeUpdateComRegisterShell64.exe
1292	MicrosoftEdgeUpdate.exe
2872	MicrosoftEdgeUpdate.exe
4484	MicrosoftEdgeUpdate.exe
1852	MicrosoftEdgeUpdate.exe
1852	MicrosoftEdgeUpdate.exe
4484	MicrosoftEdgeUpdate.exe
4832	MicrosoftEdgeUpdate.exe
4472	MicrosoftEdgeUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe

Checks system information in the registry 2 TTPs 24 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk	setup.exe

Suspicious use of NtCreateThreadExHideFromDebugger 2 IoCs

pid	Process
3760	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 39 IoCs

pid	Process
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\fonts\families\PermanentMarker.json	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\InspectMenu\selection_regular.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\Chat\MessageCounter.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\AnimationEditor\icon_error.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\MaterialGenerator\Materials\Ground.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\Debugger\Breakpoints\filter.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\VoiceChat\RedSpeakerDark\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Locales\fr.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\transformFiveDegrees.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\VoiceChat\RedSpeakerDark\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\VR\hoverPopupMid.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\ms.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\AvatarEditorImages\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\DevConsole\Arrow.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\RoactStudioWidgets\slider_bar_background_dark.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\VoiceChat\MicLight\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\AnimationEditor\icon_whitetriangle_up.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\AnimationEditor\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\Controls\PlayStationController\PS4\ButtonShare.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\ImageSet\AE\img_set_2x_5.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\Settings\Help\AButtonDark.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\VoiceChat\MicLight\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\LuaApp\graphic\Auth\qqlogo.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\sky\noisefb.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\common\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\LuaChat\icons\ic-group.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\StudioToolbox\AssetPreview\fullscreen.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\PlayerList\AcceptButton.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\VoiceChat\MicDark\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\MenuBar\arrow_down.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\ImageSet\InGameMenu\img_set_1x_1.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Locales\ca.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\LuaApp\icons\ic-more-catalog.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ViewSelector\right_hover_zh_cn.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\Emotes\TenFoot\SegmentedCircle.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\collapsibleArrowDown.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\AnimationEditor\btn_collapse.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\AvatarExperience\Profile_Picture_Group_Light.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\VoiceChat\MicDark\Unmuted20.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\VoiceChat\SpeakerLight\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\LuaChat\icons\ic-friends.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\Emotes\Editor\TenFoot\OrangeHighlight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_2x_24.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\en-GB.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\avatar\meshes\rightleg.mesh	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\VirtualCursor\cursorArrow.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8348.tmp\EdgeUpdate.dat	MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\Controls\DesignSystem\ButtonL1.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\AvatarEditorImages\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\StudioToolbox\Voting\thumbs-up-filled.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\InGameMenu\WhiteSquare.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\InspectMenu\ico_favorite_off.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\PlayerList\FollowingIcon.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\TextureViewer\copy.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\Controls\XboxController\[email protected]	RobloxPlayerInstaller.exe

Drops file in Windows directory 46 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File created	C:\Windows\SystemTemp\6a65f4fe-a6de-4063-bdc8-d90fa33d8953.tmp	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 23 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 7 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3396	MicrosoftEdgeUpdate.exe
708	MicrosoftEdgeUpdate.exe
3852	MicrosoftEdgeUpdate.exe
4628	MicrosoftEdgeUpdate.exe
2872	MicrosoftEdgeUpdate.exe
4832	MicrosoftEdgeUpdate.exe
4472	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.51\\BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.51\\BHO"	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute	setup.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0"	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-32f36ac944b34913\\RobloxPlayerBeta.exe"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1AFD8852-E87E-49F5-89B4-4214D0854576}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.35\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.51\\msedge.exe,0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationName = "Microsoft Edge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{3316A154-AC5C-4126-9021-B201E9C33D7B}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\ = "Microsoft Edge Update Update3Web"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\CLSID\ = "{5F6A18BB-6231-424B-8242-19E5BB94F8ED}"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\PROGID	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\Elevation\Enabled = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateOnDemand.exe\""	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{3316A154-AC5C-4126-9021-B201E9C33D7B}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.html\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CurVer\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass\CLSID\ = "{8F09CD6C-5964-4573-82E3-EBFF7702865B}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CurVer	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.mht	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\version = "version-32f36ac944b34913"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3316A154-AC5C-4126-9021-B201E9C33D7B}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0\win32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10"	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\Enabled = "1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --single-argument %1"	setup.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5076	vlc.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
3768	chrome.exe
3768	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
864	RobloxPlayerInstaller.exe
864	RobloxPlayerInstaller.exe
4644	MicrosoftEdgeUpdate.exe
4644	MicrosoftEdgeUpdate.exe
4644	MicrosoftEdgeUpdate.exe
4644	MicrosoftEdgeUpdate.exe
4644	MicrosoftEdgeUpdate.exe
4644	MicrosoftEdgeUpdate.exe
3760	RobloxPlayerBeta.exe
640	RobloxPlayerInstaller.exe
640	RobloxPlayerInstaller.exe
5024	RobloxPlayerBeta.exe
1000	MicrosoftEdgeUpdate.exe
1000	MicrosoftEdgeUpdate.exe
1000	MicrosoftEdgeUpdate.exe
1000	MicrosoftEdgeUpdate.exe
1812	MicrosoftEdgeUpdate.exe
1812	MicrosoftEdgeUpdate.exe
2820	MicrosoftEdgeUpdate.exe
2820	MicrosoftEdgeUpdate.exe
4484	MicrosoftEdgeUpdate.exe
4484	MicrosoftEdgeUpdate.exe
4484	MicrosoftEdgeUpdate.exe
4484	MicrosoftEdgeUpdate.exe
1428	setup.exe
1428	setup.exe
4336	setup.exe
4336	setup.exe
1852	MicrosoftEdgeUpdate.exe
1852	MicrosoftEdgeUpdate.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5076	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
5076	vlc.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5076	vlc.exe
4652	MiniSearchHost.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3760	RobloxPlayerBeta.exe
5024	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3768 wrote to memory of 3016	3768	chrome.exe	80
PID 3768 wrote to memory of 3016	3768	chrome.exe	80
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 4356	3768	chrome.exe	81
PID 3768 wrote to memory of 72	3768	chrome.exe	82
PID 3768 wrote to memory of 72	3768	chrome.exe	82
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83
PID 3768 wrote to memory of 944	3768	chrome.exe	83

System policy modification 1 TTPs 4 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\	setup.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\m3u8.m3u8"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb10f7cc40,0x7ffb10f7cc4c,0x7ffb10f7cc58
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1796,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1988 /prefetch:3
  2⤵
  PID:72
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5012,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3324,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3356,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3116,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3428,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5216,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3328,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3520,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=872 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5148,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5096,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2716 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5352,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5356,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4536,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2100
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:864
- - C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2640
  - - C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4644
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4440
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3348
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1176
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1600
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:324
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEE1QkFCODAtRDc3QS00NzgxLUI0N0EtODU5QTgwM0UyMkIyfSIgdXNlcmlkPSJ7NjhDRDhGQTEtOURFNi00QUExLTgyRDEtQTJERjQzRkI1RkNFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1RDk3M0EwQS03OTE4LTQ1NDItODlDQi1DRjFDNzExRkRGREZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjczNTMzNTEyODMiIGluc3RhbGxfdGltZV9tcz0iODg4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:3396
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{8A5BAB80-D77A-4781-B47A-859A803E22B2}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1448
- - C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 864
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4360,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6196,i,17060076835208823252,812649436968669790,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:4352

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4060

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2160

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:2008
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEE1QkFCODAtRDc3QS00NzgxLUI0N0EtODU5QTgwM0UyMkIyfSIgdXNlcmlkPSJ7NjhDRDhGQTEtOURFNi00QUExLTgyRDEtQTJERjQzRkI1RkNFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5Mzk3N0I4My05QzlGLTQ0NjQtOTE1MS03RjQ4QjU3ODQ2MUZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzM1OTEyMTM4MCIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:708
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EB90245F-8FA9-412E-8A9D-876060933CA4}\MicrosoftEdge_X64_131.0.2903.51.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EB90245F-8FA9-412E-8A9D-876060933CA4}\MicrosoftEdge_X64_131.0.2903.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:1852
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EB90245F-8FA9-412E-8A9D-876060933CA4}\EDGEMITMP_55082.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EB90245F-8FA9-412E-8A9D-876060933CA4}\EDGEMITMP_55082.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EB90245F-8FA9-412E-8A9D-876060933CA4}\MicrosoftEdge_X64_131.0.2903.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:4984
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EB90245F-8FA9-412E-8A9D-876060933CA4}\EDGEMITMP_55082.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EB90245F-8FA9-412E-8A9D-876060933CA4}\EDGEMITMP_55082.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EB90245F-8FA9-412E-8A9D-876060933CA4}\EDGEMITMP_55082.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.51 --initial-client-data=0x234,0x238,0x23c,0x1d0,0x240,0x7ff76cf62918,0x7ff76cf62924,0x7ff76cf62930
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:1632
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEE1QkFCODAtRDc3QS00NzgxLUI0N0EtODU5QTgwM0UyMkIyfSIgdXNlcmlkPSJ7NjhDRDhGQTEtOURFNi00QUExLTgyRDEtQTJERjQzRkI1RkNFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDOEM1Q0I0Qi1FMDA3LTRDNzUtODREMC02Njk4MzBENjkzQTl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzEuMC4yOTAzLjUxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3Mzc0MTUxMzI2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzM3NDIyMTM1NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc2MjU0MDI1MTkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzI2ZDM5ZjliLTAyZTEtNGUyNy04NGUyLWI1NGIyNGRjNjgzZT9QMT0xNzMyNjQ2OTI3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWZvTTZZMTM5RW9PMXNhQXhKN2FtZ0tQZllnNkRYMko2UHFuRE13b29Ocm1VSmFBNmhQUVNyaFMyNzNJTFY1YlprZHpXSEpWRiUyYnBuc3pQejAlMmJYWUgwQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3NjYwNzgyNCIgdG90YWw9IjE3NjYwNzgyNCIgZG93bmxvYWRfdGltZV9tcz0iMTc3MTQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NjI1NTQyMzExIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzY0MjI1MjMwNCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iODI5MDUzMjQwMSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjEwNDYiIGRvd25sb2FkX3RpbWVfbXM9IjI1MTExIiBkb3dubG9hZGVkPSIxNzY2MDc4MjQiIHRvdGFsPSIxNzY2MDc4MjQiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjY0ODI0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3852

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2556

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4652

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:640
- C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 640
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:5024

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:4652

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1000

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:1812
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A44E915-A8E3-46A9-B15B-98F707E6BF66}\MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A44E915-A8E3-46A9-B15B-98F707E6BF66}\MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe" /update /sessionid "{13A5DCFA-469E-438F-9636-A56741A9B2D7}"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1744
- - C:\Program Files (x86)\Microsoft\Temp\EU8348.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EU8348.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{13A5DCFA-469E-438F-9636-A56741A9B2D7}"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2820
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:4724
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:1292
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1612
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1340
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1768
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTNBNURDRkEtNDY5RS00MzhGLTk2MzYtQTU2NzQxQTlCMkQ3fSIgdXNlcmlkPSJ7NjhDRDhGQTEtOURFNi00QUExLTgyRDEtQTJERjQzRkI1RkNFfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7REMyRURFQjEtRTdGRS00QUVBLThGRTItRDJBOUMwMENBNkEwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMzUiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzIwNDIxMjQiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE3Nzk1NDYwMTI5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:2872
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTNBNURDRkEtNDY5RS00MzhGLTk2MzYtQTU2NzQxQTlCMkQ3fSIgdXNlcmlkPSJ7NjhDRDhGQTEtOURFNi00QUExLTgyRDEtQTJERjQzRkI1RkNFfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntCNDY5QkZFQi0yMEVDLTRGQ0UtODgyNS1EQjBBMDBCOENCMjF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4zNSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNDk2MzcxOTY3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNDk2MzcxOTY3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNzc4MDMwMzg5OSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzY4ZDU3N2EwLTFmNGEtNDM0Zi1iZGNlLTE0OGVkYzFlNGE0MD9QMT0xNzMyNjQ3MjM5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVg4cThOWkwlMmZmY0dQZEQ5U2tFaW9sVnhLejhySVJ0RW5pY0t0YXdrVmhTWERGTUVKZG1ia0JSJTJibXpGaVZjdDdFM29xT1Vmd2ElMmJpZXlmdEF3VUZHQmJRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjYzIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE3NzgwMzAzODk5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy82OGQ1NzdhMC0xZjRhLTQzNGYtYmRjZS0xNDhlZGMxZTRhNDA_UDE9MTczMjY0NzIzOSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1YOHE4TlpMJTJmZmNHUGREOVNrRWlvbFZ4S3o4cklSdEVuaWNLdGF3a1ZoU1hERk1FSmRtYmtCUiUyYm16RmlWY3Q3RTNvcU9VZndhJTJiaWV5ZnRBd1VGR0JiUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2MzU5MjAiIHRvdGFsPSIxNjM1OTIwIiBkb3dubG9hZF90aW1lX21zPSI3MjQwNDkiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTc3ODAzMDM4OTkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTc3ODU2MTY5OTkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzcyNzgwMDI2ODgyMTMzMCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSItMSIgYWQ9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTMxLjAuMjkwMy41MSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0ie0U2QUUwMTk4LTFFOTEtNDkxRi1BMTFBLTdFMjE2ODk2ODRCOX0iLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4628

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4484

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:1852
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7M0VGNjcyQ0EtMjU3Ny00NDI2LUI0QjEtMTlFNUNCQkE0OTQ5fSIgdXNlcmlkPSJ7NjhDRDhGQTEtOURFNi00QUExLTgyRDEtQTJERjQzRkI1RkNFfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7ODU1OUVFM0QtNjE3NC00OEU0LUE5QUQtMDI5NDJCNjg0OTA2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7bGhWaTEyUWNrNlNsMHVVMU9CNlkxNTI5YlI2YnNleTQrY3U3ZEh4czZjaz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjQzIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MjgzMDM2MzciIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM3Mjc3NjQyOTcwMTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyMDg3MDMwMzc3NyIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4832
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97EECB19-1DA5-4A17-B0E0-2E7267AC6B96}\MicrosoftEdge_X64_131.0.2903.51.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97EECB19-1DA5-4A17-B0E0-2E7267AC6B96}\MicrosoftEdge_X64_131.0.2903.51.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
  2⤵
  - Executes dropped EXE
  PID:1504
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97EECB19-1DA5-4A17-B0E0-2E7267AC6B96}\EDGEMITMP_57B58.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97EECB19-1DA5-4A17-B0E0-2E7267AC6B96}\EDGEMITMP_57B58.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97EECB19-1DA5-4A17-B0E0-2E7267AC6B96}\MicrosoftEdge_X64_131.0.2903.51.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Installs/modifies Browser Helper Object
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Modifies Internet Explorer settings
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - System policy modification
    PID:1428
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97EECB19-1DA5-4A17-B0E0-2E7267AC6B96}\EDGEMITMP_57B58.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97EECB19-1DA5-4A17-B0E0-2E7267AC6B96}\EDGEMITMP_57B58.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97EECB19-1DA5-4A17-B0E0-2E7267AC6B96}\EDGEMITMP_57B58.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.51 --initial-client-data=0x21c,0x240,0x244,0x1dc,0x248,0x7ff7814f2918,0x7ff7814f2924,0x7ff7814f2930
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:4560
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97EECB19-1DA5-4A17-B0E0-2E7267AC6B96}\EDGEMITMP_57B58.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97EECB19-1DA5-4A17-B0E0-2E7267AC6B96}\EDGEMITMP_57B58.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Drops file in Windows directory
      Modifies data under HKEY_USERS
      PID:4540
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97EECB19-1DA5-4A17-B0E0-2E7267AC6B96}\EDGEMITMP_57B58.tmp\setup.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97EECB19-1DA5-4A17-B0E0-2E7267AC6B96}\EDGEMITMP_57B58.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97EECB19-1DA5-4A17-B0E0-2E7267AC6B96}\EDGEMITMP_57B58.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.51 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7814f2918,0x7ff7814f2924,0x7ff7814f2930
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      Suspicious behavior: EnumeratesProcesses
      PID:4336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.51 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff739132918,0x7ff739132924,0x7ff739132930
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:2144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.51 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff739132918,0x7ff739132924,0x7ff739132930
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.51 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff739132918,0x7ff739132924,0x7ff739132930
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3672
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7M0VGNjcyQ0EtMjU3Ny00NDI2LUI0QjEtMTlFNUNCQkE0OTQ5fSIgdXNlcmlkPSJ7NjhDRDhGQTEtOURFNi00QUExLTgyRDEtQTJERjQzRkI1RkNFfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InswQkVDNzc1MS0wQkYxLTRBQ0EtOEMxRC1GOTJDNjFFQ0QwRTZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjM1IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0lNUIlMjItdGFyZ2V0X2RldiUyMC1taW5fYnJvd3Nlcl92ZXJzaW9uX2NhbmFyeV9kZXYlMjAxMzEuMC4yODcxLjAlMjIlNUQiIGluc3RhbGxhZ2U9IjAiIGNvaG9ydD0icnJmQDAuNTIiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjY1MzIiIHBpbmdfZnJlc2huZXNzPSJ7N0Q0MDlGQUQtMTI4MC00NTIyLUE4MjQtQjhDRjE5MkFCMTAzfSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IjEzMS4wLjI5MDMuNTEiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaXNfcGlubmVkX3N5c3RlbT0idHJ1ZSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzcyNzgwMDI2ODgyMTMzMCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjA4ODUzMDM3NzQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjA4ODU0NjAxNDIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjA5MTc5NjAxNTUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjA5MzE3MTA2MTgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjIxNDU2ODY2MzUyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iODkwIiBkb3dubG9hZGVkPSIxNzY2MDc4MjQiIHRvdGFsPSIxNzY2MDc4MjQiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIyIiBpbnN0YWxsX3RpbWVfbXM9IjUyNTE2Ii8-PHBpbmcgYWN0aXZlPSIwIiByZD0iNjUzMiIgcGluZ19mcmVzaG5lc3M9IntEMUM3MDk1RS1FRkVELTREODItQTQ4Ni04RTNDRUFCOEFDOTV9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEzMS4wLjI5MDMuNTEiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBjb2hvcnQ9InJyZkAwLjQ3IiB1cGRhdGVfY291bnQ9IjEiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjY1MzIiIHBpbmdfZnJlc2huZXNzPSJ7Njk0MTgxNDgtMkI0Ni00Q0IwLUE1NTctMDg2MDc4RkUzQjkwfSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4472

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
1⤵
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Browser Extensions

T1176

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Installer\setup.exe

Filesize
6.6MB

MD5
e8ecc691b6b345c25ea749591911d934

SHA1
b54f8b8ece5c4221c4180edfdef39df38a36ba21

SHA256
e226aafcb47b85afe8962b885921dd982bbeb356ddd1c66e5a6f42be80dd052a

SHA512
9364268b3e7333a6d52e3ab1eedb15c9cee98d5139be0708790275ef05abba12f32c2a39546b4c81f799d7ee662d5f705af9de28b0fca12a64c72ebcccd4f066

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.35\MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe

Filesize
1.6MB

MD5
dc1543edd0dcd56536304bdf56ef93f1

SHA1
1a8b2c7791f2faa1eb0a98478edee1c45847075c

SHA256
ccbb3d9a4877999a55b2ca6b8128481e91c4b56780f581226f916c0fb2db0772

SHA512
2a6b4aa39bc3e4d234909077d5c6d75b9968c1778d505cc12431afd7aebd01eb65ed2f6f0c53c67f18eed7e97b67a93bab8c44574e3918ccd5cfcd8681767056

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97EECB19-1DA5-4A17-B0E0-2E7267AC6B96}\EDGEMITMP_57B58.tmp\SETUP.EX_

Filesize
2.6MB

MD5
60c4164e5d4cc0649649b1241a5a14f6

SHA1
748d85cca4cbcd2fc5949cd5f23382a57d346091

SHA256
e26afbe1b5a10139c66c4950d86d357766aafb8521abfd85b525dc2348962c29

SHA512
f3b3337dcbc3a1b6b02420b26f6c496bd9bf01da45593e23b4a50b7be02f27e1a5b506236b097c69ce5cee90430ce677780007b7a768117912cd5b85bdbc9339

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Filesize
3.7MB

MD5
fcde6b30b89cabf7d0460bc5a580cb12

SHA1
e560d223e6555ad654b26a65f71192663013b45c

SHA256
05d8bce07453a2f3e77503797e39365fd78766099ca60968b9f411ce9886d4ae

SHA512
1e3b394ece6d792b225f003f3247697cb474ff7f47afe124de62c34cd1fe29793b0a61473566f965270cead07af7abce0c5f253a4fc6790534b58fe42fbc8574

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
16c84ad1222284f40968a851f541d6bb

SHA1
bc26d50e15ccaed6a5fbe801943117269b3b8e6b

SHA256
e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

SHA512
d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
34d991980016595b803d212dc356d765

SHA1
e3a35df6488c3463c2a7adf89029e1dd8308f816

SHA256
252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

SHA512
8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
d34380d302b16eab40d5b63cfb4ed0fe

SHA1
1d3047119e353a55dc215666f2b7b69f0ede775b

SHA256
fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

SHA512
45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
aab01f0d7bdc51b190f27ce58701c1da

SHA1
1a21aabab0875651efd974100a81cda52c462997

SHA256
061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

SHA512
5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
ac275b6e825c3bd87d96b52eac36c0f6

SHA1
29e537d81f5d997285b62cd2efea088c3284d18f

SHA256
223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

SHA512
bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
d749e093f263244d276b6ffcf4ef4b42

SHA1
69f024c769632cdbb019943552bac5281d4cbe05

SHA256
fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

SHA512
48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
28fefc59008ef0325682a0611f8dba70

SHA1
f528803c731c11d8d92c5660cb4125c26bb75265

SHA256
55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

SHA512
2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_es.dll

Filesize
28KB

MD5
9db7f66f9dc417ebba021bc45af5d34b

SHA1
6815318b05019f521d65f6046cf340ad88e40971

SHA256
e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

SHA512
943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
b78cba3088ecdc571412955742ea560b

SHA1
bc04cf9014cec5b9f240235b5ff0f29dbdb22926

SHA256
f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

SHA512
04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_eu.dll

Filesize
28KB

MD5
a7e1f4f482522a647311735699bec186

SHA1
3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd

SHA256
e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4

SHA512
22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_fa.dll

Filesize
27KB

MD5
cbe3454843ce2f36201460e316af1404

SHA1
0883394c28cb60be8276cb690496318fcabea424

SHA256
c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59

SHA512
f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
d45f2d476ed78fa3e30f16e11c1c61ea

SHA1
8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e

SHA256
acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2

SHA512
2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
7c66526dc65de144f3444556c3dba7b8

SHA1
6721a1f45ac779e82eecc9a584bcf4bcee365940

SHA256
e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d

SHA512
dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
b534e068001e8729faf212ad3c0da16c

SHA1
999fa33c5ea856d305cc359c18ea8e994a83f7a9

SHA256
445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511

SHA512
e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
64c47a66830992f0bdfd05036a290498

SHA1
88b1b8faa511ee9f4a0e944a0289db48a8680640

SHA256
a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961

SHA512
426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_ga.dll

Filesize
28KB

MD5
3b8a5301c4cf21b439953c97bd3c441c

SHA1
8a7b48bb3d75279de5f5eb88b5a83437c9a2014a

SHA256
abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0

SHA512
068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
c90f33303c5bd706776e90c12aefabee

SHA1
1965550fe34b68ea37a24c8708eef1a0d561fb11

SHA256
e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c

SHA512
b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_gl.dll

Filesize
28KB

MD5
84a1cea9a31be831155aa1e12518e446

SHA1
670f4edd4dc8df97af8925f56241375757afb3da

SHA256
e4eb716f1041160fd323b0f229b88851e153025d5d79f49b7d6ecb7eb2442c57

SHA512
5f1318119102fcee1c828565737ce914493ff86e2a18a94f5ff2b6b394d584ace75c37258d589cce1d5afd8e37d617168a7d7372cfd68dd6a2afcd4577a0bc51

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU90B3.tmp\msedgeupdateres_gu.dll

Filesize
28KB

MD5
f9646357cf6ce93d7ba9cfb3fa362928

SHA1
a072cc350ea8ea6d8a01af335691057132b04025

SHA256
838ccd8243caa1a5d9e72eb1179ac8ae59d2acb453ed86be01e0722a8e917150

SHA512
654c4a5200f20411c56c59dbb30a63bfe2da27781c081e2049b31f0371a31d679e3c9378c7eb9cf0fb9166a3f0fba33a58c3268193119b06f91bebe164a82528

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
6.8MB

MD5
7478745f2ffdcebdb1c5ccbd482312b8

SHA1
6f754125fdea66ca783875f7c6c0f96be14211d3

SHA256
ae19ae02450f9e885abbed2e40fbabf9992acf61fd206d6ec0da8fcc2ecfeecb

SHA512
9ff8e19eb3471d69654a9a83fdc62f9d340dfee344a1cc89802ab4924921edc2c4b1e4f6573143ac61cb61d970d6150ae694369c90ba453cfeb63966d85bf352

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
14KB

MD5
b069bbca68cb87083947a526387cc991

SHA1
43c28ce569f17071559b53550a5a20ba458d4cfc

SHA256
f54b07b32519923719c58594d8a19c24c9b57cef119c0437771ea26c999bed7d

SHA512
40f55710eeb80e796c28bf659291f87cd9e0468cd272fbb30403b874016de3fb88a1298ad65c1b812326ee8922f941a7556f5ead6f38bdbc3dbc3e0ac0dea5e6

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2845ba27-34cf-4aac-818b-03df08ccd8e9.tmp

Filesize
10KB

MD5
48a892c3dc350dd0fe647d38710e1b50

SHA1
dcfa1a5cc129959804550d737724a5d9ff5797b1

SHA256
5d6ef8cab88c7a47dd51a38e87ac22f244a588316f0de6966a15c7f2454e6258

SHA512
890dc46c0c7569dad8b1772fdc3cd226fe8716d5be7e46aa72d9325f2efd202f8fe6c27c75e1e0e596bbec1758bcc4150105f5d85ca4e379853f0487e5cd8f34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\574e06bc-9d3c-48be-84a3-32f353dab744.tmp

Filesize
10KB

MD5
2da2593c16e25d562dfee67eb90e6a46

SHA1
79cac9e6e86a3bef29679556b6bc57212d51c449

SHA256
fabeac2955455ef205750ee22f15a5c61bafd947d0b756f9c1bf9344c6f7995d

SHA512
419d39843e97a458dd0982d10eedc8fa6c3276860f5bd2468addd0ca3c11d492a2b74a634207ac8a87be03963289883358a97569a6b5c6bc8b35e0504cca1b78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e1c1366adb82c03cb76cbd7a3b2bdb37

SHA1
5b7711d3abcc9d29ad66388d96e4b50acbebff7b

SHA256
5c3006e7cd46173963220a48139f5f251efbb41f1ad02708ece5df2d5e1c7a51

SHA512
aa8d0dc5aa5805d262f830f65175b59a7855ebb9bdc5bd458fdebb0c192548e5952635ea4d7d50a9856593b16dcc644b0bf3b0d9481db79973cc71dcc87df5dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
503766d5e5838b4fcadf8c3f72e43605

SHA1
6c8b2fa17150d77929b7dc183d8363f12ff81f59

SHA256
c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9

SHA512
5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2299b5f5b587bac5_0

Filesize
375KB

MD5
a4f9c8a39f151e23c85a10d56543e6d4

SHA1
c3acf7842f372c69f52b78138c04ba108e27a030

SHA256
7b0ec281427883ec67c90dd0021324183145092a03b1fd296e5e1888da6965d0

SHA512
5d5fbfe1a88a57b7bb4ea147857870216ffb1dceeade56b45913e663f40ac8c53bdcab3d8e9d09b801101519e7e6cbbd6e081652bf3df166209226f51dd74bfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4b4bfcdbca80cfd9_0

Filesize
289B

MD5
a25d024a0f9bdf1827335b0d2e470473

SHA1
5defec47bb5c01445fae4daa6650d0a171ac2134

SHA256
0349d2ac954ca9b8e06b7eeee29ded8a35c3646140a24e2f9679332a2b65fc8a

SHA512
8c21dcf35c909f3cc5f0e9d08dfad27f1f92e182eb281714cb7c2977632144be5969e6cd78d580aaf7299f20e645ac2bf55b099aeab5065da376160284353d96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6d2c69c5e6433fc5_0

Filesize
19KB

MD5
4fb66c33a8377733748a2cfc48d11b7a

SHA1
13f5aeaa4072098ce18deb85c884f8889d25a160

SHA256
cd2df411b340fb5bf3828c9083d6e7cc42a57bc3f1aa26426777940398a4ec1d

SHA512
fb046d995f7617b5641da1d3e09c3958b960ac1867e9c7a90ec79230443288182e317bcf5a0606e7c444572fbbd894288809e20fcc6d2c42cc660305ee401d51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e90f3de079e4d23f_0

Filesize
280B

MD5
a97edbc7b2db05520a8cae08d7fae3b2

SHA1
95399fd5c5545fd99f14914f1cbf5c8be5e2caea

SHA256
632871a7c70f718d9491ba18490bfcccb204b5a1b8d458b52e2d4fc48af1d8f7

SHA512
ff996a60abee7802d45da890b95fe976f2e549b7f4d26113aa6b57239b5d47b46bf137e8de32190dac75d4db60716db16d57499f9ded598eae380762ff42c2d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
64c72cf147fcff4fec848784441a0b83

SHA1
9aa89f6f5c321e2a7c7a6654d8ea94d226c140a3

SHA256
236c5fb9279290468692a00bd8f79fa798e5c0317c7aec9184d4868c8545a738

SHA512
bc5b435029b8b2685fc691e8154baa7485b65681066e923a1e624739da1c76b4947d79d4af4d672766de6caf370f3cae0d20e3370f47630dcc653d9dd40af695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
35b193872079a97951b6393b02274f1d

SHA1
2172937bbd0fec26cebeea65dc04d2b7ad941311

SHA256
fd431b8b0652bdda00bd898ed31df5d1c0c6060b05867a7b3072903de908556b

SHA512
5818d138847780ff97ab5b0eaa899b931888604e573b5d1d07fa231af2604469fa51a3a8fb454c46576cdd3e554ce0977736525b70f3e0817090994d7828195f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8983715864295e7c19f8da42670feea2

SHA1
e828a34e10d536da6628c6aefb0a3a9936abb2ce

SHA256
2cb44ad315c2c470a759228162c04abff7a4f41df65c423d924ca88d02e8f7d5

SHA512
1d74feb5aa66b50ba8a8eedbfc8ef0e84aa065fb87e9877cad6a6635d737c0bc681d51da9cfaa0eaabee7c1b8ab28bbde1236c6b55ecd7e75a59ae4a22a71b72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
975aea559b85650059b7d5bdb8dbdc82

SHA1
4cf3a064edf0451569e9eccaf90fe3be4097cf02

SHA256
7a0cfdfb3acf85e8012d1b35c9b143d047d8cddf01ea3870ad53a060f1fac5cd

SHA512
4a53e55017ed72d7d90843655737381ff594634029047585c2ccd2485e106837d2110a7074a3f86dbac916d2eaedba8fbfc7a8882aa72559c844db7cdb4a3594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
2c37380548fcde22d891dded69c1aa6c

SHA1
3fd6bf6d959cab4b8138ad56bc792ae182b11649

SHA256
06b724faa84563f3382b19137e07b84a9a2ecd892808f3591002b7bcd051f722

SHA512
cfb6fff590ca415babf573c01cee5b1f86983b20aa69d1f88073aeb1ef122f0c77c9943e63a5ddc040b32f143248ce3b33f8da1615f2e9a5d084a70227fc2c38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
65ba52e96e81969eafea2bc44a39bf9b

SHA1
7c5e4d04380338e0164f2ab843d2c90a97660284

SHA256
5083c5ce66899fd45900f626b331884457275fd79b6d7285f7c9ca0b40ad58aa

SHA512
9f70641f6c74a0b513c81fb35aa043fec5410dea89262fcf56af72a616a509d9bf39727a38e0a90db35f04e0359e692fab17666ad55f6c093e85974f537df629

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
1f0b75d1086a057385fb36bcb04d1244

SHA1
b0a5ef082c680a0e62792d04d9df365cee0c3b23

SHA256
058a03f244537e250d69c3dd2d5016be7e062900ae887d685c51d85cf5222154

SHA512
ac22f6ddf53c1a29024155255734d5fff3790b5983cdee6b8f64cde79d2d6693c5a2e510412759f536e8c80c4a84b04cb86a5af5aa57a1e85f7d347c4e8fc27a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
64cc510fa1a4bbfaae82f8634200df1c

SHA1
108ff973f4f831c3a275a1de14c5ae732da17c36

SHA256
89f462f66697d6b8f4510c5b12dd3e49d7607fb6cdb7cf87ba652591039b2383

SHA512
85b8f3f03c18234d26691c04af6ec9f1feac8e71e8a354f02e7bcd41d1f37f67b6b5d54489db8707c02cbd1bc37aef80ae6c238a13a24b9f2e8e2b5b8e1ed369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
e13d73602bd3726f121af190dcfda88b

SHA1
a8366b348623f648362bb2426c8f760606476ad6

SHA256
d869719278cfcbbe174ad211b258af2397e56b8fcc0cc3cf87c3bb2c0c9ef6e1

SHA512
efcd7a0bc215c33d89eab3c32a57b218a9213475c9aafc117b2aa3ad61c8e5d12fcab8cfb078306c1eea179a65163b3be2aac843f00c7b8f8740e48120f18f0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b5f7adfd9a5600be77b87ee962115a22

SHA1
24874330cc823df29a8bc7fb20f6a67f5ca74abe

SHA256
e1a194883aa97b882d54e58004b4fef49a163b208bab1bebe42385311ace7c70

SHA512
8938ebc4809e05a3bdc9a05c6144c3ae4bbab90d1c5ef5210e789966e169ec05281161180cf44256cb1cd5ba858b79c7efcda878b7c5257782d5946751836e73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5166d62fa112797ace7b62204ea1ef60

SHA1
60bcb379e2cce1008c90d223ed4bc27d548cece1

SHA256
acc1742a3ade59cfa46cb6d69215f15187a5f1800152b79020bb5746d2e44a47

SHA512
1ffc49cc234d2858f5bcc608a0af1e9b6e281643b54d8ebb4f5e867d100caaf6d732309b4858c6e36a4a69861bf24914188061ffd8743a5cb8c3ca4225ce9920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6b084e6bc4d3785d987c400137feda47

SHA1
65eb4e17aa8f52a7b73282311f2bd9e5c0c5d3a0

SHA256
b59f488060f10330283b4b9d62273bcd8944aa99834ee72aaff27404a6708e7a

SHA512
5257f722dac82239f85b5a6f3e460c163d478639472a9ca57236fe70be886942c60a701079099bc734187137088f1a16ce625f17fc637617a0f3b9f881cabf14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
26221691a357a1a614320715258a63ae

SHA1
cf80a12b2fab69b4ffc33de5183f6d0d42cc402a

SHA256
2856f59a2afa2cc3d9e62fbe8a66c8823e73b3520e7b4d10c2d6a841f4cdc8ad

SHA512
df5e3870130c6b18474f2dce1cabfd33469eb7d8a51447bbfd12faad7e2d08203ca0b33b70215caef7a7ff5435bf484fb95abe7245cbd6843ad775dc37d72781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
387d303b13db8790d335b29b9f3bd22c

SHA1
e2173e4a093c6101edec44cd1ca8736818671085

SHA256
4c4708d9744895e53fb84563ff12f5fc98464eba7754273bdf8a13dc88a866e9

SHA512
f317fea1840658f21ccd271f6c75f37047c610f8b72f556e41a29890bf1b88e1fb5169880cc561924d761934a9415c03b7c2a4fb89fb5aec586226a3a4c3f23c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
70c38d3aa272eaef6ef0f971e7b1ef53

SHA1
5b0b38f632927ba5b84270da3ca45b2bed334e1b

SHA256
5c811a3c4beaf2e853129d61ed2df9b3ad41978a631ce1ace374ec09553d4899

SHA512
195fcabca0642a33838ba48fbf2af023e2fb3462a4859c4fc80c650a6294e50572733fe3c34d3e61c0b4866641c58663ceccc4881b37a19dc76aa6c88ad396b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9fafbacdcbc8e2263801120fb6e964a2

SHA1
655fcfef6d9059fc6842962744cf1c141d8b5e25

SHA256
e34e490de6d3e06f33f91d2935a9a178a2c072430658e990697f7280a9365847

SHA512
639e105f725f14c9c8870531a445ff3b518b41ca3d993191d1d36ae5fc86009955370fe89be0a7525f798ded5ee73873d9b5ab41ea87250c9085563a6a1851b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d02c4db0239c49f382806d9c2d0078c0

SHA1
2e88ab1a3a52c8e3dbf045809e90b0df9c1eb3c9

SHA256
a100be3be09db6b38ea75e78c7bb941234e426412495f8c3b6c74c909bda9a44

SHA512
84a87d9d433d57d6693023fe7b8d03da23e92b26462784735f519fb76f16991b9cbe0cea2f7206fc3908ff12ce56a029570254c6786c4f239a6296abc50dbbdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8a70bc5ad5ccd55b75a20c31ee30a641

SHA1
f81dab5150f5f279a37af96109d9e13922d90345

SHA256
30c776b8de0afc96bd1ff6fa905485427ce304124e4a6d52a0e6850385aab098

SHA512
5cc3bcf7c230324a479829e87a14cb6f740b894e7d7413f814324cbfeba4f12c6acfdb84dfca6dfad4e890efc2928733fd23231fe045047f3b35ec8c2947d2d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8008d4fce0507b52f184d675bb44a152

SHA1
daf7614c51c32eab2a8fa1fb63234b9815e2fe5a

SHA256
1866e278d1f45dc7c971a227be86a993f9408c27a5f97e789227c47df80c8990

SHA512
36531ad9a5deec8d78753543a7b61cd72a31336adf6e936dc9ce64a013b83ef45542d9b279a8b701dfd1a686d23f116c6e6c355f83c95d30d49a33ea419f5ab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0cb5189d368a23f12e1ac41b79681249

SHA1
811a1c69f74943f261263c2e25c6fd337f2c09e2

SHA256
3e79878bf01efcb0120394c28696d3073bc891e39820d623f3eee7d903ffe877

SHA512
84c769f44132f1cde970daf404325c2224415f72f46664c4a29efdc288c2a2cefba30b4e14d6d87675a52c270e95fd09b9b5d3e0fd79e3161fdfe6237ff95850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
586d4db7ff1cd3cf6bd7e2f8c1193dd9

SHA1
e8dab6c3a01bb7d58adf5de5bd43b1abe9d1636e

SHA256
4bd62c3fb47c7cee1b3bad5e473e97db0122173a74c533d504f6a5a92f146e8c

SHA512
3b6e7d594154d3eb8eee093eba640396802fc90b2ab84e3b6803d0d5ca0b886b34ef9f0b09fb7dee382d839ba01535731a876d32a65e1059702d240322161d4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
11e368d8af9216ac17548b79e0f93b86

SHA1
aba927b76817d4065be01a04c3c79778428ca379

SHA256
0867aed371a796d04bdaef2abbca4fb77cc41a6f44be17d610e0705cecf5f739

SHA512
6f06a34a7264eb036dacd7f72cb6049a5e70bd8a37d0f10de5c94cfaaaf3ef9c2949e96ea777f93d3cf3ec234926dfc41bc1b3657995173ffc87b75d22af35dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b03c033a7236c6978f7b0f3091f196d

SHA1
efc5b3a1e2125cd2283af157b219f88ae2a6acb7

SHA256
7a5188fbd16638d0910f0424482e563265817d105a38a5fa8a3f48cfb2432f06

SHA512
0d1dcdf8d3d67ad0062dc971ab1e2d9f3d8bae3b640a40afa4a74d2582d28a85c2c8f4c07af85bf82407714bd9fcbc11fead6818a0184900d6cb5b50da87a138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b25206d4e60526c67fa469d5eb1a095

SHA1
1964587dfb843e93892c27ab4339cbfb3a6fce1b

SHA256
49853728c133f70f9effc504dfad56c6188127a40c942f92b8754c833085fd84

SHA512
448d9b27f7df96a2a91a7bd38e390b812cccf75b920ccfe11aef3473fde578636d36ca0b5441e51b5a3ecfc502d8381c3dbb294fcf2100fdb5e2775776337f44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
05fff2bfb37f3f01e15cfde4f2ecfdc4

SHA1
501be63868b8669a2ece6bb06dcaed9359034bf8

SHA256
5624591e9e101eb1127f0589c6114088a8ae40cd600fb296b5831363b59779da

SHA512
0f1d5d21d98e83c90c2001f8db4d68f79b881a0a212f4466e07b7438bb36938974e09dcba5177a25cf89c73695174d0683fcd65ff9e592e51765d878d49e005e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
72285f9a42da3591cdb3a695019c251c

SHA1
7a809d81dd67b785d8de14c454e2645c980ed21c

SHA256
e452aa69b798b667cb44bacda965eaa5fe28110847e3738ef3f58378b98f3704

SHA512
cadfd7891ea0c36b456cf256dcc807aa7c9a9afdfc9db3664f94b96ce334ec489ae6d8bceed6ae85c89b5d8f40d8fbb58dc1fb9bbc3964bd1f4d750a8e38b415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
67ad420a734dc6be02f424e603dda248

SHA1
3b75ca6ddcb25ca972e80ac07b3e2178f82a7333

SHA256
1368b163cba8d72d1fc07503f255d4a9efaca29aff2256cc2c6a9a7c2a102896

SHA512
6afe3d30879482e632e5a2e9a64d4b85428c80f321a892e4b7b396deb34cc9bfc6a71f42c2ca3af07596a3b9e8b870b1ca05a67f244e814ea7f2c6f30f006be2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
15ee6a94fe43cbfec463f0dcf4fe2ad3

SHA1
347123492587ccab3cf0951bbdb5fe569d36a09b

SHA256
626b4997496b7c1b271303a0aacec647ac66a44cf96659288b0f7caf753938e3

SHA512
701dc5c02bdac0873850f4acbc2fb867a27f911e5754420898bf65f3c050a473a0bd683203eee1810ee75767cdb074726300e60b8da8a79a2087434523936b1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6370a83f1965ce864ac4bfc767c6a4ef

SHA1
ef4afee3b093552b87b718670abe99de47e72888

SHA256
bcdfae23aa524069b76cefb83af047b85f90cf18495d292dfedc4e49c5784fea

SHA512
9b0f64a630e9799cbcfc8b91ef04a53ba44e941e5559cc74310b441bac8901a29243e57dfa4f1c57e11aca3cd0408ca8cb2e810e780418584a2f67f37449915d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
719b3e733ac13018a9f1d75bfa32e45f

SHA1
18c7ed88c23d3836ddb9353f26cc54dcab4cf440

SHA256
d062b3e65b0e9932179dbc7f6ae007042f082cc103b02261eddbe1b64b4888c7

SHA512
d6f3bde0b3122384f649945ddf3b37e7f2fe6052b66590d868b6988848b8d6ebc8812b1e2748dd1f153b65df7b6f905cbb39052e0a2d1c05661de326a2fdd0f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0a79c7d745cfae302e17c0ee74ef51f7

SHA1
847508466d02cdb380d8c9dc2b618d8bb78ff98c

SHA256
55df3a6894bddc5a7399404666cd8777756cad0c481e6d311034c2a3fee5e1ff

SHA512
3d49e14d67431d0d906054a81cab674cfa3d0142a44940b6aa69335f8e4dc6eb272bfc348bb7375ee5fa4cb5b2b5d8e57bb61ae546ed60df139ade264245b260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5ad8263b640046629b78523531674dea

SHA1
d7e4e947ba8f3b85c4c43ff028f9031cdf687386

SHA256
4f673b0497e9ce2d368c02011f47b1d2f58bb3debd2482fc2d8b72294ff2e8cd

SHA512
0d7319c0e94a65c25ea394a0da62397726e9a1a7d46896367885d500efd3a7baa794f12a512db34e37666bb0520e608d82c6ec5815e35cd903b9976df5f7602f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a04b3d839973138b2886b5b718e558a8

SHA1
65e7bf62531760ab77d87ecfa26eb8ed59731c4e

SHA256
155dfe318ee299579060472d60876f928230d43bb0e924d95c4743d0ecf37aec

SHA512
8d246b7cc730366bbb57c8b1cb579e0212af89b68dbe2aef12d477cfe0059fb8ab5b71675ece6e1e910b649ddfd9d29008f91a2d9a88844c129ec326586d580b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
23a21b93a9567705a3ab10269e58b90c

SHA1
42fed45f4197b2d1f59e7e5b77c82360200f0ed5

SHA256
1e000037dab8e4079e2be8ee812ae8c0a9d8aac4b477a7d153ab190f47b31b36

SHA512
9a5ff98a40fdf7b60faa4030e4d2fa8fccb9f452c062cba64521e46889324fb602b7387b013916e46ab71eee46d8a46e7cb198bd1329aa723d6720b5f206985c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0b2a69f3bc696de53a54987676aa5e00

SHA1
92af534f80e83d2759b426c6c52dc082ad531cfc

SHA256
06893ca408370dbee17dfe4d7cb25ff785ed588ed916467d94eeb0185fd94c40

SHA512
67ba06a7340f7faddeac85f6bc69e364771c9e60f703f3eda10f53317d101f1983c96f507cfa24d709b601a7a14b9b08466eb33e8b78aa015d1bab6ff78fe53c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1cf15060c31fe3a65365ae2fcf27927e

SHA1
ade10a6063f51607594b12f418f65b58a5c291be

SHA256
3abd153dcd7d8e1d74c1416200c8a72632796e67973bcc40ff826476fffeb25e

SHA512
df5f5d1d1e7348db7a578d07b9a2c524f41fd8ebd8fbbe5b6f7de08dffbf6c76d83c3b4a22b04a85e85e24208c0e276e377177662c2eb3b137a910f6d07dab7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
09c05c05d79a8aa225d44b137cb109ee

SHA1
d403ad60c6e54ac3c29e5880be7ce89264eb4778

SHA256
6c1107faa4e1ced156e9b6f7b06882e08da61be4b5dcca2626998bb77c3ca536

SHA512
aecc6e082e928b68d4f3821ed566e7a1c44b0d2e930e4e66bc553932b6c13c36f18d66005709f0dc56082239aa4ec62dbb503c9851bc2d6c6d23f0c30285a35d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a1999270cfdb15c2d7c370a1bb056398

SHA1
207d0af436f02782c9ecf2168ee040309edfffa6

SHA256
db247cb468a782f073c4d15a59e809f3d6719fd24a32d38d1cc52bdd252db95d

SHA512
1429a2195e02cce7b938c5d440b082a3ce926fc260bf8daf5b7c2e59580d14af6325e1b88caeff120b31d71e042c017df8fa817269e81a716f6a47c6a19462d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e0b17583c151b8aae48e8e65b4ca7603

SHA1
2bdb9dd5d8452f418875e8d4d20606e4e90019b8

SHA256
b0c2116346dd6dc78acecf9fc4d07465dbef9cb36d8c38581ef79a75dae19183

SHA512
23b2527e167c02152df2dc653c766dd33755ddfb5dcdfa8f71652ff720c0bd8d5ffe5323929c8fc9f4ffc76f4cca4163db4fd9195f7801e281920193993f1852

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
65dd1641ad38d98dd22bfcdcf5da529a

SHA1
ed040310904de54026fcc6e53a631a6a6aaf8cd4

SHA256
2916ab020db0f3a05369148b3f0ba30bb2b1295974942a808fbc5babe4692deb

SHA512
00dd41f3123c11e3688756fa3e1216882c86a4ed32afb87ef112a9ca3717a2ac6283104f1554bb7fdfdc31a5a1dd3081935dd11905b94f6392c413bb45b2db5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c1c951aae8aeb44ddf62fc3501da1757

SHA1
e809959206735b56e82dca8c32e8bf8ca4518110

SHA256
c4d36546affd0c4e7a87a2c92713e3f39a4e562e91d343be29604fa73394964c

SHA512
7a05d8f19c74d56c10673ea17160c96b6de252bf48df2268558ae28b5f1e31da0ec2c52c8a30f671f0815b70f564340d32ddaf43b0c93ac87bb08f464b38b960

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0d8f706bd77d0bd267925d72291abece

SHA1
384d97ce414cbd0821888fd46ed71391e4b53ae4

SHA256
db6c1cb5f3ed4e47f9ffc01dca3ec213659457a5185c028c5912f2642d364a2b

SHA512
a14af994c917b9e02dfc299a994f7032f4b7a74ac38ebaae3279222d6f8d0ad9df7cee208df75c973d2a73de8080962ed80b8fcff6b004983ab6404d565ce11c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e3f80dcfc747fad6305d740ce87c30d6

SHA1
730b91f75810fb850d22ef3bdc33948da6511e69

SHA256
309d1a10af08f61afc5593c3c0f0941c9a571a6846581343ac96c42bb5706ca3

SHA512
c5942bfb255377cc651041c162e5dcb79e7f945a3bea65834adfae2ddb6e4c85e697fc2efb22d11e74a4aa6534430872b78ae191c783df193cd6586727c80363

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a5dfe5a32a5f98d971c9108940e5d4a9

SHA1
7d043ec610653ea4d388d56a411c361639fe8842

SHA256
1bb5b3d2ad3ed9636e284389a1f6533844af6d7233bcfb60fa1458908b986e1c

SHA512
49b852c69af4bb0bc9d0c376c1ded3c5f0202b8264ea76b301f09f48300df6d3b313d8a250465f94376a708011034faa51b4652278a94d98c80e1f15b729aaa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9cb9d559b5312e9c57a8b67f1e2fc806

SHA1
12cd1e341f89567de2c50f7cea1e46137acc8edf

SHA256
772e0b8327c3f4345b0269cf054fad5dfc6b7f55a45087730bf69b302588e0e1

SHA512
52ed19e9d4b0342f5e93de1f00efa028a91561b4a73f3d8afec8745f902d6fab3ecf2a659112dce18053c6fc158828d1784a02bbc79d93a6f68e5f866b1e7464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f682cd2f6929d4d6e66f83d60f941b2d

SHA1
ff7402931a00af5a24dce1eda7761f9e7060052c

SHA256
cc6405995df63e7d407d98bbd65cc68ef407b64f99d6e05ec479393f131a33ea

SHA512
8ccc801a44ff6ebda964d6de505bd016ac01052fd2cc4aa0c9850cfa539121df1513b6caf78bfd1f35a979eb42e08cb8217c43566062777fee56a58e2b0f31ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
100926597ae6390e1b7d745f54df930a

SHA1
af3a17d5d4cc3acc0dde13e1a82bfa89b0f3c73d

SHA256
61bfe7a549ee54006c20c85733c36ce73c81340f5dd6dda869c6e3b39e22c3f9

SHA512
b91d569f0779821786081495a7dd33c9bf5b192b473447ee60c8cf1ed228b70fc562d2078db645e3ccfdf8ca04c819c1dc0392299b03bc3aad1b977320030e71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1b1e8dfa33dec7f2322101264053609c

SHA1
7a58f18b48025c14169367c69033021e8e2ac17a

SHA256
e0e7dabdf65412bfe7c69b5c8c12e0398736aaee7ac36a8379398657818d65af

SHA512
0186149bab3ee101479c226d5f8bfecaadacf3a38e49abe60b3b325102e26a63a07fae8f9d46c9c4a245079ca55193963500c3dadff4b7cd8a06f7f2c9ce060c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ee1d993b7891497807ffa48a369f748c

SHA1
fbb15a34a2a08c3579681357065af3c80f1b002e

SHA256
348388ed4ed63845eb0f9b60341019754865f42a3853e037ebe41cb7da4155f9

SHA512
0e1f48ca2f625ba8db7dfddc5980fa17f72b3af46e0aa0072ff663ec22374e9e8b9a70728beceb2fbff86a9e89a37cf93cabbd6d5929434b8a500a2c7197a0dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
230c5acad1e944f03673436b00b5a4a1

SHA1
3fe78dbcd04dac94ce27b3bbf0c40bff7f7581b6

SHA256
e8d2874144f5486d0f4925ca7c73924031e941b5b58a734651e4eb611bfb4056

SHA512
049cb7f34e1f48af5dd24491d6623a730ba499584880680b19971b9baf303a8520cb8ed5e672c027ed5fe6182c8646c6558a5e318fec307df3e5ae4ed52b1da1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f6958000f708f68f4f0b2f95e6045a2

SHA1
bc36ab30e47477d2acec9f2cde0f9b55ec4fbb42

SHA256
3ae082fb43d6391b1fca85ff10f11403e521d9af92660a53c3cb5110eb79027c

SHA512
a5e7c5f3ebe0166182017a970917d2fe988f243e5ed1a69baf0e5ebf2f0f993f7222988d10313f4552c7dda54c6fc25b4cdc647c069f62d13f19e797a63afde0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
20c60486451788570906d710a1a21994

SHA1
2ee98b3bda28790b2e2bea4ab8507d83a192f4e8

SHA256
cf3d543ebcbdf73c8391cd3c2f07ef0e60a106f0911ce2d708b0c20bdaf37b55

SHA512
61b77adefabe295ede5ebc667f4a16a1fef12f6b6a976d4e7472c1b6c830e1e54352c507405a0e380eb756d58a5858ee72e7eaa39d937d89425348e5b7707eb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
360c3dfc6ff105fc2dfb01844f588711

SHA1
c72a209952650baf019262e5f5bab2d9f1526d63

SHA256
09cb5878f8c6d0966f115e8a6252eb2846756df52837bb0fc9471dec7adf5075

SHA512
1b3ea56a04ae12eaf1aec9d3b588b520665f502154a681fa287d2a86a401451c23be51a3d20a7f96fee5f27fad13be1675260513936c75573733c60ce7108443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
58906e0be2c1643a91ee540c8a98576b

SHA1
9e26bc1c1f8a48ad414fd6f01161d5657ea79dbe

SHA256
8b0d46ecb13a9e3aabeac0c91989ec174b90f24dce340b3f75a809cfc1d7f5f8

SHA512
9737e6900b46de6ac28230262a1bd8d3434d6d85827832bda523c29bc639674698b2a0834c1bb1bace8f1c727108362defd1f44d2a37846e15534d5b63edbda5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
87725624cff890af9c6b5ad7f2c9d883

SHA1
75cc265975ba06847d0b0ff1f9e683913ce1654d

SHA256
b8d7bb1d6abf5a7eef3365220d4780b6a856be034338267c2724eed436b2e53e

SHA512
41831d43a8fffa1b8a2dddda93beca348612699a4b266410eb2ab43af3c8f6bd78b55100ee9431a046b563c09e927d652b39310a5a2ed6bf39e395e619a8ca83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
61a95218178a51239b6eef27ebe8b71a

SHA1
353aed0662bc4cefa6f735311868a0186616ac91

SHA256
934a56e3a6b2008ca45e3a5ad17477cbc2b9f849f47c1cb9a6ff26c2b772d871

SHA512
54dbbaed38085534519d00824c363c970f5d019aa55e9d271d1d7f3d05e322071b5097f6fab83e666e500247423f912610d643ad7a1a6b9d166a5de0191dfafc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fe2b809bcda4b48b33f2d4c3218669e4

SHA1
fa4a706e8220fd4803964095e682d36d004d570f

SHA256
20e292614cda66e7fbfb4d162a2152e088c44c052ab3d7fd3e3150e53d3273ee

SHA512
1334e2d5877d8502129cabf30f06563a659a502efafe830129b4ae525cca8aacf57ab556c04e95f2183ab2619425b8968756d4e3477aa0b646ec2b6605840abe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
54d91c6273d7ada1dc4ece0f64804754

SHA1
3dd0dbd0e1c07900c5c0c26345bc826b4e0b41d3

SHA256
eee01432f9821d08078525261b588081f9ba7b36ca2691d1b129907405376fa2

SHA512
10e98d5e0fcbbac577fd09c25658b1e3bf87aa78794a8c809986069148261a2c8e964e9f19e0e9f1c615283173bd1e7525404d2c54f35c1f941b1f9ae283499c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
287d96452816444532e1d1ef2573f9d8

SHA1
1459cca69143c227a2f42f760992b64d42c4c836

SHA256
f70cb70b72126e6325fa5506254320934be4a5beb50ee1ee0cd66107e6b64b04

SHA512
b981eb626e871fa757804c67f9e9255dc2e86447ae2b8d5ce9901cb582e82605607614a9d646c845287eff35fc8a24723dec7b86b1953c577a48f0b04be86c3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
15bf7f9bc168da5771e1b72edf572a40

SHA1
31011be3b8c9ed9847be6999e3268156438a889a

SHA256
1df254e7a33a9ff3767d4df6453a6e59699b86f2d1c9490587bd71eefce73e52

SHA512
f3d3b3a0d527547f3ad11fcb444266297d8460aefa65699c554281ae9b0c170c2d69480f8b41d202c14d567cc4b66867ab6a66ff47ed3449dc73c0998cfe36fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab02b4e7ec17b48fabef512d335513b3

SHA1
b814ba01b7f742351fa185ab21fb1257408ac448

SHA256
735fd1807364ab979d290502af9e445ef3035807dc9c5e53631728ea353cb908

SHA512
9942d2ea8a95a63ad2f1a818b7403241af3ff8d047c8477a32ed08db5b8a9889d89c879340476c4a6458ed8f2199b166018da4d741c1a8bb6a2eeaa74931a069

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b7df6c808138b50183d735a9d0adfba3

SHA1
566e1d29929497fed90e22bf3318ceff83e4aeeb

SHA256
4f07517f2821059f4b268755ec06b318bdbab083fa83b29e9c3be094bfb1e824

SHA512
d4706542ef23dbc7729e137192d5f3a1d5357ef2b8c42e608680bb214dc3a522517f2f81d2517007347823cd6b2cb5533d80f2426f20ee54a385b6fb67aa29a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7e22b70c38cb3492a039c96fe00cf779

SHA1
798440b8ca0036513f1746b33f0d6e57a7c7fc86

SHA256
7ba2b6ba565677073dfb2614774ac831883d91640a98ff624c0ac0f68a4c47a6

SHA512
d68cbc57999cace2da76e4c7eed97ad6dfd276b7ae7a6340ba6efc86eea4bba4d8725fb43dcf866db50749fcf350f83e9b67a06c6d7c5a7951050d3ba26d33b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b4f0d5c3b75df4fe3507f06b3641da16

SHA1
60193da4642ecb3c9ce61cbf16fc918f76a50c0d

SHA256
e944b067b6b0dbeac6e7c31e03f394b6c5102b4076464a4760849f2282df95ef

SHA512
dbc02f4c2ef30479e6bf16327c5aebb777b166c0fd98e7f1d8a1ef9f2cd0ffb1d67860d52af2b86d85fdf372e2066eeae02b51c7a7100766080c6e8dfb61dd78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
825e43e2446af8ea71d58183c42b2928

SHA1
7bf364ef7dcd1ce4f38aa97538e49d22b8c99481

SHA256
93f9479d5c17be2074641e9cab9d088fd70a254534f8245d27da4cc133952912

SHA512
b6879e3c3cb059adb1f8955f118c22273ac7956775b6fb2412f6af47ebc84f90d587104c62099301760c1795808e4c74bc44bc19d611e977aea8294bab4353d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9becc4cf8f538ab067af71a498773957

SHA1
bbf0495835bbff4505ab525929e44db4220fb8ef

SHA256
d4c44689d700d7bad8f30e0b7b0c7d67c025b31b457c4eca2ab455df56fa1883

SHA512
53ecb022bbae2a33002720a72ae9884d45956936b2d8b37784e02b8678272ee67c273c13624d102bfae45ce4617d284c5614eb0c97d812966672ee2e8695167b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2b5b6ccba709f2c0be4da0ef8b83cd58

SHA1
f392aae2b9d1fa60fe037b11741b8f2d5a0b295f

SHA256
0ee7c3efdfa009f68d88e7e3da1ee51c25bb003ee7182a44b1ae58529d858a9d

SHA512
8da6a9d9a81d7138ab49b253fad5ddc71c33496719b62522ce4fa476efb893a7a8aa92bb4f553fc94cb941562c43cf42686772b6f17f1352f11098e2de238c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c25800dda5beb83f1284d6524fc1c77a

SHA1
6b9edcd555070bc4d0ad98b0d735a64af01fdc9a

SHA256
80c83cd07532e0ebb820f835927ee838faad71a0d76ff677a44b2aa377886a18

SHA512
1ad63c21ec2041abbced987224db4ef35a304bed8868f2b065d86ad1a0fab20a627c158619160f97586873200a9fb635178946d0c8aaf02cf515e073d7b81d59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9f9e0c92f93ac01bab37dbe6bd661a53

SHA1
fd9482004149f5be6bab51ab7cecff1a5b8e43c8

SHA256
d8fe191e78d0ee7ce28e28624dcd8e93213d623a82103647c4c5d36f93a9cd04

SHA512
7612850b8ce703a13fa7339d95de355164317d96da17a241508d309ff71729bd98d784675510bc98a96c9f9279ae1c451a8892450dcd8a27bd3bdac372c2b9b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3256a619899bc5934c26d1f1ee629287

SHA1
4174a85159cccb6e89193c018e9dcf65059a59e2

SHA256
d1a1b41bb5993d2418d558d4c6532bd090dd9260469119d0c59dfe519ff2bfab

SHA512
0ebb66e4f3ed63a82c7bc946cc030f02a6327f10a030f46d3c68460f45099cd3e6f6a70a5a82b872cc21c43a9b1f875ecd697183022828704918199c67a93557

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
39302320bee8f5a4a2d07b1261314eff

SHA1
0d2b42172ea55f89769d9a5bce51ed28f47b1eda

SHA256
a5bf416cf7bbfca5bcd3f2661331ae7f6c34d8eace3ee45f13d3ec13ac5f5fe2

SHA512
d35518e08c6ee540ad5755f1203ab5f1e6abbd9b41272581ef4e2889bad62255f615b318d02d6a263edc4f221141c9ae54d61dbff9b1f934b5fb5dce3e245f53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
92a29103ec315478284601e3e7176a69

SHA1
ece0eeabb08615f475fb809b4b3552341a3b9d74

SHA256
616067f574a205b2aa8db012e85da0733ff179ca5c6200f2bdc457f197224865

SHA512
d630d035ca0dcda3e1602690793510211690db290f26ce55009d863746dad0cf5e46fe783c7a312346d444f7b35cccfa2868cff019a411ce66d70c28cd913dc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1d18819c20ea9f04607281e2a00357e6

SHA1
ee83d5b82fe00d033a42782d168966a32e7694d8

SHA256
8e8dfbf03cdcf1bca4b1dae328a4b08e31d38acf2c391dbf746e04f0122edebf

SHA512
c7818b2af7d35ccb3e9b6a1f4812ab7ef3580f30495bec15e5a3e5e1d58cf79d2cd87ac318598104501d2dc18f8fbe003c6bdc1022c1db48e054b831a3cf5ab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a107c3bbccbc6dc8d2ed89d86519410d

SHA1
5a11ade2a5684b6d09558d95b9a71928be221693

SHA256
9342c8255ab87fb6b8bad96a5b829216bfee91c6578f2341eb422411d8aff5dd

SHA512
82cffaede70b20d1939b211ca0c202de4f62a1a7e5953c07178c7c3102f020e0628c7412fe8d9f5c02cf44060dea2385d008ce4d41a328dba7265db69a87e0cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dd50dad5935bb8dace8774b8befe3a78

SHA1
092c0bd53cf44209be72915f76f921c7dcaa18cb

SHA256
85ddc2ac793a2cb7e4ebfda1300288c67b9f74403ec7d4e13afd9c1c3b73d78e

SHA512
9f9636d12b086e0674dc75babe96a69fe919629c8d179e0952b3445943e54c50dcd642d336986c6a95d748d7bac32e80dea975c7844c44ce79d5f81d0bc8a8fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0d7298aa683e2743749f23b4fa500369

SHA1
dc9ed43daf2045b082e0aa9218de01da01f009e3

SHA256
0eb309d5ea48ba54edb7695b381447d9be300262ef45b02153f2b3c9d8e28555

SHA512
1f439caf87396bc0b75c790ab73faa2203f8e826ac95de510afed7c7d16ba94e22d03f335c9ff05203d3a2ff0acb973c2ee5134713ab8a7dd308ffe79822c5e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
30d8342d07e0247044ef9502fe1c3efd

SHA1
23fa362310bd8e7be50584e36a0b745fb43872e9

SHA256
f1a54d26e110398b66994bd0930ff2db5a0f4ef4d56b008a0eb2fd982c4a5d65

SHA512
7bf947bcc00807ab59142ea0343e5b73ed08219ca016c9a955d0d2f98c97331fcfae31d8f7b7b0e81a79bfd4d0f9c316e9d12f67ea5a6afdf6b282e97898324f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2b45bbe0576b8b3272b97d9025114834

SHA1
528818a57418daa719c65b4e2c818f073570b78c

SHA256
51a5281f43bcd881a4496e328263f9f7799ce7891e532d0ddac787746f1c8f75

SHA512
2de9a645314d07f349881788ce9c4ae162e840accb243e32884b0a6d963138e349c532044a7224cee78b627f928c58ee8a96a15826f06a7fb7be6cf688ba2fe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
79fe222685114900ac6419fde4083ec2

SHA1
86cc456b798db25b4a4b8b1a0b07f792122000ee

SHA256
3cd53a99d55df08e7967aca7efd148a1223cdeeceb3d14207f6cbd21c0696bd4

SHA512
c8b19c4dd8e0178633f2d208eace66dce2ea97230828e4c1cbe5a4224c395fa20fccab48ed706d3ee87d1a70a52657b584711a1189177a36e7dc8d4a21619ad3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a12eb796f7a5b1bee3e98f661f2ef621

SHA1
40e928e4c1298ece8f5b5a813180af582d36238b

SHA256
3204f0ef6f0c2664dce9a376c8f250e4962221d31c842b3d302e15f04d2f0caf

SHA512
03ed11998ff19b0177660c281328f05c43bc47a49fa98553b55e88bab59b8becbf26dbd010f646632cec655c3a5b23ba218f88392a39b8d32483400e8d225f53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
803669b2140ace0045c717c2a4fdc8da

SHA1
916cb512b01a77010aad9196dee699f97258d1e6

SHA256
a882c55a32877a1583f7fd63b212be1e8ee117667a457b82d07af3ac87c86b01

SHA512
cde89cf51e6667ce0e83c41a9e9a503e83c87d7e60ab09c60032586b68a6bc395caae25afe72124e27efbcf2758c0ed63d4c1955727bd4125852472103747601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
234ba41bbe5679979f053128604d3ddc

SHA1
d6e8ca0c76d1d19ef1f25be3e8780b715fb593b1

SHA256
1726173942e374db9042c25904987e93433668b0cccbbdd41ecce5aa786417c5

SHA512
ba207c73ffe6c1f0bf714d0252d816d002c718756aa54ea943295318486f95c9e61fcb912a8292db21ab3b03d37c091e9e70fd50c287fa49a510a8029893b211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
326e15eb6e8b5e32ab068818b02ff405

SHA1
7a1d4ccb5163dc367f4816a99222a69f8b5a8a65

SHA256
9a67512507c9e3eae6e12cb9b490d4f38246839bf4b6c67c1d00a8de39162148

SHA512
596ab5cd7918f465a8a592e5bea3357fdb0040dc3dd7ad38cf67c689f8089421c893244bf16f333d84c7ced763a5b77d02138ba2edb0bef8fb32afb64237fa62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6ce88d3fd8a8dbb5ccd7cdaf41260a2b

SHA1
0a13153fcf450a7d16d8f30431eb8f05962b6aae

SHA256
f62263e87343c6224f9f43b8fe0e9ad9d10f86aaf1bafdee7edbfaa021036e32

SHA512
97c5851f7697d752b0d3f1974f451703cc5d49238273c06b594b9a43adca4490adba7d6b0a25643b4fee30a723bfe0a03932eca511e927c5de45e0576d05cf80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a4c08a894b2e535028ad8adc5fcc802c

SHA1
1db924cb2c40e33ebd0038aa2dd3975742549017

SHA256
66ff37a3094432d89e9de4a6be39d2245fbc909532e06293421187a03c7e50d2

SHA512
198c64e591eb00d4d14834ef6768cba09d9fe78659c3de8bced96a8760972239202eb031408ca75a98fcdd1f3dabfd01701c0d7d5886367266511f0716954198

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
334e8a9dab0a5b3b781b43b1f2368f2f

SHA1
3d603d48e6c69f2ee17901b631c62cc3b23f7750

SHA256
5f0944cc3e28efe9eba55af95dcb2f6e21bb5e5f0307ce297f0b3309d939d168

SHA512
db4c7ccfbe92fdf29f7bac56a85e599d1ae1dce8de7f78d81accb6a14ea892e375efabe7567ff632a0616067adba97830565be4cb9302db1b61b2195d8a405ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d9f1b96f6aab1851c7d8eea9e0d1c069

SHA1
b9d52e99831de2dffd3464c9ee6701fdf8cb8878

SHA256
770f33054d3ea2036e7c0a30e499e29a447b606c1ae448e933dd09df1b9e64d8

SHA512
c7b8cebe1be58db495b9f74d6b93e989f8a7c0fcc51392de31c3ceb9f6fdbabfb5773cd964b153b0cb040a5fd9e221350b9472abd42cb9eae08a56ef7848b0eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1a7ee4f2e9bbc3039d33a1a8ca8cea19

SHA1
374da1a2bc49da39be33e0105fe196db9aa6aebc

SHA256
e69933103cbe2ea73aaa02505e768a79e0fba41cf0c7ce6ad2ea102aa494561d

SHA512
4428e9527232f454d9b0d9490bd17130da7b48f6697562fb4ca6f0b1eec059e227161c46d2af4a38884ebe61977c60eaf3bda0cb1f1a8b9e7fd83f519bfceae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2c0cf8a03621908efe59a589a585ffbd

SHA1
fd2d706e3f4dfb776ab4a122e5de2f8ffedaeb57

SHA256
875a51b0c8a9bd5c90a97a5668fe0f4e0b901556b2679753415a720a7a35019a

SHA512
afbf60900cfce2b3dc9fadd291d55afd8e57ab504406a7a5b66d9794d98b1e86c39c9361f19b0c30ccd6dd2f13177ecf0015a9cdcbd27b5ada5a7be2b044605d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
540b19a89a1cebc66d8190a388c70a53

SHA1
389c9ee8cec5a6a1f34353eede7b12e53ccda4ac

SHA256
5ebceb001d77c12e2b5c0a12fc26e47b91199fc6d884c77d0b8447236eb11713

SHA512
bc6c6a7c150d43adeeb83c1a7231e47624b0272afadf00e3118e81059014f7e72ac1888076dc559548af79a72745a0d27a12d75f77544b24332aca6310a91155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
435a3675b7c02b4043f7ee027cdae535

SHA1
b79765f5a2e28aee836ab0b718ebe75dc267c35d

SHA256
eab08a976178b7dc4b4d07df17d6f6d7dafb74b3643fa23b5ab09aac263d396b

SHA512
be8bbab1832d63318d7e414eb4b65922afc63198f68a6246e3350d1bc45add35bf70dd1d9a2ca1c1d3850453e7c3c749f65db01f3035f4b615afa6ab169bf300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a7f4e7e608bf4938ed779a0028ba28dd

SHA1
697c01d24f055c04204999d3d407a0ba1056449b

SHA256
87c8d2b28c67a59b8257d5151c002718ac5d703b65aaa2972ca101460ee2ba58

SHA512
8594f10b9671ac56337bed3384355dbc429f87dc6b2a29e095f516d48f9928a2f16ad8b1a6da2f40613f28dd03120da81873d1d77757d282001d3aee5a0d7af2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48b7f434a6f4758a938e4306dddc3c00

SHA1
e5328e52a1f783f9981ebefc7ad65154d5429eab

SHA256
62f5f0b23a85e806ddadb06810e3cabecf2e49d36e5e14358935887b7f26d315

SHA512
1c8cb0652f80e91e06a2bbcb03a488e430c8c7d8508ec1d0df0da2a0fbd91a741b76a4f89e1bb8babf4c2cdadce12e2aee0c5c62bc8557d2560b5961310f170f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd6f0dbb57f6429088299f35fae1be6f

SHA1
7d2435ea763ff89bd000a7db910ddd84d53f83ed

SHA256
b9e610985041b9a07b6bca36c4dd97dfe2e74bd919ef3641ad4eb0cb0c7ca7b6

SHA512
3a76415adcbab9271f5902011454fa1d9e88c666d985750757b640a3dd86e9573a414685cfd50d6bfd4a52877a79fabe02583f97c15a18920f52c9a1f776d2a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d6f64c31bc048f86bf7678a36b801426

SHA1
427954eaacd62f0060b6e75b352d2415c866bf45

SHA256
674b4bd09f319351edf3e1c1aae708f89a69ed1d4a272d7ca2037414285d4eab

SHA512
19c989d445fd900f0134a27ca3dd977e93766edf6299c788ee7ec2816f05127387c87303606438d65045e3c12ce7d413ec575467cd8410266fc18fdd6a46945b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
99041d9669aa35ecad59e9943aab8f46

SHA1
d9236c53fe5b6801199020a93b1d736a8c4d7e8a

SHA256
2103c5b1cf1f7d3ed679bbb1c7384e3c73467e84047b20d8457edfb2ba1a9166

SHA512
416fe38ec08a52b8bf4d6d56e73494f5040b42257480e33ed91dd74cc06573ba3cd3a9a220287a9acc63e713a7dbc2e0d90f3963725efe1980dca49f48bf43ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dd98e00e68e3beca90873af2924af3ce

SHA1
0a487491109a2dbaa5d2516da78c25320548f938

SHA256
045039ac85f628139bd5a0e67b51156b546f3bee37d13ddc02b5f6b4833fbdbb

SHA512
5bc596f3890a96ea1ac9ba9c90f6a36c1ddbcbeb9c61077f66ddb6c56e8d532dfce9954c35578f3b9edba2156be37800953fc8464e290f3d021226cf4d62b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3583173790fdf31f7e77b2672306f0cb

SHA1
2ee3b9cc0c4d3de0e7cf678ff556fa99447fde37

SHA256
bbb9f34b082445987af104b3faac5075948e500b915ea7af42c60d163877d2b0

SHA512
d6a66aed0e6674c471cb6dddceeec980258e53c0b6e0083c48684bec26dced79a996b9e6e07091bcfdd10fcaa8cc9d25b4b1ff76b475e9f9f2047c1b081cc45e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d39bb7d2-83e1-4293-84a6-6c2d36aad754.tmp

Filesize
9KB

MD5
6db4d51c26021a77aee53e4f40dfcd90

SHA1
1a1c5f31afe2ef0161c1b47d0b57ba3f157c61b2

SHA256
a5cf0120a7d06afe1a1b9bf90ccdb6aabbf4d22478a7b425a29fe75f43735539

SHA512
6625aeb048db1b2208f5a5ea6d2f3b6ef674bb726c46fa2b5c51470f3e86b51a9bdb9e94940156c75fdf5ec4bfc4bf92dc05a0c86c7231ee21e4408044b115dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
d7ffe8a0776e534a8ece3bf649456198

SHA1
0f894729892f8af63f01589b2236009f64a2f2c0

SHA256
eca21ad7fa9082d192e916cb7f089a72cd2b588818ff979f85d8fa091b58d63c

SHA512
5dcee05fab1ae6adfb784cecfded04fdae935a90363991d26bc593cbd35e0320ed837f32be1834929862ad845c0b193b6db21a537240ce8c271fba8f3bdc6fd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
e3565e0838480c09aab665d518af092a

SHA1
5bba52ac2c51b03e808f2d23a3d584fc353c68f3

SHA256
86b3c59eeca02773984085f06025f7b31ca83c2c1f711026cc38bbff083b511e

SHA512
a7d9c04f02e2dbe5ae1b9789670cde45d3f8f0d794e17d6dbfa08b6f32cf340702651f46fdd19a09b7d1112efd88c6d53e64b61622c883996515a2c7a83b0ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
92ad9259f19da72bb0f5b4af15f45938

SHA1
9039b2c7b348b5955fc314ce9eaf3da4a1853ba1

SHA256
1042c2033400ee44e98a4ff704cf095589f48e58c0e33a6307645b7499bdd3d6

SHA512
f8801038759b10e89f6b5a8d7501c5afbedeb67cbd11a8d8d4943a54b05e066686c99f04167ce1a72a13200c57dbdc6b11ebfd7adfd9802cc3c12786838cc185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
06208bf1d1a73c76b44f270e0a626b42

SHA1
054f695fd9038406c26d1893d9bdb2257657753d

SHA256
6102bf229b009ccb686e360e6e148e962852838e49af60613dd08e10b24b3494

SHA512
e9f46af3f5a0029cb597c70bb07a1cc3a9e2bbcea5aa437d2365c9d6202647fd6c8a49d99ca63baf2be01ec2a0d4722590cd30ae042f52b5071fec6a41ef61e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
a6c78952eba3ddde24ea82ebe2ff6933

SHA1
af9e598fa0571426370de198dcbbc18301faabfb

SHA256
9a52bcec8d22be665f0c3238c12baa84f94f29b45c527e2db428a4b1225e4da5

SHA512
5b15274447839dffc1eb04a210d3535515901697c7350f4b06beec3ef54779364ff0def0651a059fac79103204f8a3b07a1b17fb5487dc7663fb2c005bc8457e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\ed03b8ed-23d1-4d59-88ad-b3ff327dd5d2.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\c261fa92769bc5ab6443aade831bdc18

Filesize
7.0MB

MD5
c261fa92769bc5ab6443aade831bdc18

SHA1
60c313b138fdc767d1b6108e6ce5c800ac1f4bf1

SHA256
c6f1c59442953fb894b7414e2bc7c494d379df20a81bef8a974afec150e0cab5

SHA512
85f433f98441707bffb7d071e8dd20c77766244cc649b6887f43cc01e6d791f70a87f83d836a6f20d35c148327f466e184b3db7ae8db20fab9d3f36efc675e35

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
6.8MB

MD5
91563396f82674c0b8a13a5bd4faa2cc

SHA1
becfde376e3053a2593640e8fbb743890077ed07

SHA256
c4e4b832dfab883152602b2ffef83f57281ebd8d08b3b8b12540f580fe0526d0

SHA512
07ee5e4084c24885ce735e93c314700dfaad96bf1b65e63a36a9c14c9f91a14fb6d4e26a534627e6a0df9416ce6a80f0539af3e50d5606489638a36b6da95e09

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
2414c3324eb0338ef4cc435d75d3e001

SHA1
15bb2e4d36db5cb336fc83ab5d541d9fe6dca90b

SHA256
fc322016d81157dcb72994bc1b754cfd287f27b713bc443690c9f1cec58b36c9

SHA512
af764090a6de645260b84ff6b3e45bad15b43e320df59ea3033409b36f70d4b11d68b433c8fdc4994eaf4238b45f5e60eeded0103fc5979984c467a5950130f3

Download Submit
memory/3760-1359-0x00007FFB20250000-0x00007FFB20280000-memory.dmp

Filesize
192KB

Download
memory/3760-1384-0x00007FFB1FFE0000-0x00007FFB1FFF0000-memory.dmp

Filesize
64KB

Download
memory/3760-1353-0x00007FFB20200000-0x00007FFB20210000-memory.dmp

Filesize
64KB

Download
memory/3760-1354-0x00007FFB20200000-0x00007FFB20210000-memory.dmp

Filesize
64KB

Download
memory/3760-1361-0x00007FFB1E4E0000-0x00007FFB1E4F0000-memory.dmp

Filesize
64KB

Download
memory/3760-1362-0x00007FFB1E4E0000-0x00007FFB1E4F0000-memory.dmp

Filesize
64KB

Download
memory/3760-1363-0x00007FFB1E570000-0x00007FFB1E580000-memory.dmp

Filesize
64KB

Download
memory/3760-1364-0x00007FFB1E570000-0x00007FFB1E580000-memory.dmp

Filesize
64KB

Download
memory/3760-1365-0x00007FFB1E590000-0x00007FFB1E5B0000-memory.dmp

Filesize
128KB

Download
memory/3760-1366-0x00007FFB1E590000-0x00007FFB1E5B0000-memory.dmp

Filesize
128KB

Download
memory/3760-1367-0x00007FFB1E590000-0x00007FFB1E5B0000-memory.dmp

Filesize
128KB

Download
memory/3760-1368-0x00007FFB1E590000-0x00007FFB1E5B0000-memory.dmp

Filesize
128KB

Download
memory/3760-1371-0x00007FFB1DB60000-0x00007FFB1DB70000-memory.dmp

Filesize
64KB

Download
memory/3760-1372-0x00007FFB1DB60000-0x00007FFB1DB70000-memory.dmp

Filesize
64KB

Download
memory/3760-1373-0x00007FFB1DCD0000-0x00007FFB1DCE0000-memory.dmp

Filesize
64KB

Download
memory/3760-1374-0x00007FFB1DCD0000-0x00007FFB1DCE0000-memory.dmp

Filesize
64KB

Download
memory/3760-1375-0x00007FFB1DE80000-0x00007FFB1DE90000-memory.dmp

Filesize
64KB

Download
memory/3760-1376-0x00007FFB1DE80000-0x00007FFB1DE90000-memory.dmp

Filesize
64KB

Download
memory/3760-1377-0x00007FFB1DE80000-0x00007FFB1DE90000-memory.dmp

Filesize
64KB

Download
memory/3760-1360-0x00007FFB202E0000-0x00007FFB202E9000-memory.dmp

Filesize
36KB

Download
memory/3760-1378-0x00007FFB1DEA0000-0x00007FFB1DEB0000-memory.dmp

Filesize
64KB

Download
memory/3760-1379-0x00007FFB1DEA0000-0x00007FFB1DEB0000-memory.dmp

Filesize
64KB

Download
memory/3760-1381-0x00007FFB1FF70000-0x00007FFB1FF80000-memory.dmp

Filesize
64KB

Download
memory/3760-1382-0x00007FFB1FF70000-0x00007FFB1FF80000-memory.dmp

Filesize
64KB

Download
memory/3760-1383-0x00007FFB1FFE0000-0x00007FFB1FFF0000-memory.dmp

Filesize
64KB

Download
memory/3760-1352-0x00007FFB200E0000-0x00007FFB200F0000-memory.dmp

Filesize
64KB

Download
memory/3760-1385-0x00007FFB20020000-0x00007FFB2002D000-memory.dmp

Filesize
52KB

Download
memory/3760-1386-0x00007FFB20020000-0x00007FFB2002D000-memory.dmp

Filesize
52KB

Download
memory/3760-1387-0x00007FFB20020000-0x00007FFB2002D000-memory.dmp

Filesize
52KB

Download
memory/3760-1388-0x00007FFB20020000-0x00007FFB2002D000-memory.dmp

Filesize
52KB

Download
memory/3760-1389-0x00007FFB20020000-0x00007FFB2002D000-memory.dmp

Filesize
52KB

Download
memory/3760-1390-0x00007FFB1DF80000-0x00007FFB1DF90000-memory.dmp

Filesize
64KB

Download
memory/3760-1391-0x00007FFB1DF80000-0x00007FFB1DF90000-memory.dmp

Filesize
64KB

Download
memory/3760-1380-0x00007FFB1DEA0000-0x00007FFB1DEB0000-memory.dmp

Filesize
64KB

Download
memory/3760-1369-0x00007FFB1E590000-0x00007FFB1E5B0000-memory.dmp

Filesize
128KB

Download
memory/3760-1370-0x00007FFB1E680000-0x00007FFB1E68C000-memory.dmp

Filesize
48KB

Download
memory/3760-1356-0x00007FFB20250000-0x00007FFB20280000-memory.dmp

Filesize
192KB

Download
memory/3760-1357-0x00007FFB20250000-0x00007FFB20280000-memory.dmp

Filesize
192KB

Download
memory/3760-1355-0x00007FFB20250000-0x00007FFB20280000-memory.dmp

Filesize
192KB

Download
memory/3760-1358-0x00007FFB20250000-0x00007FFB20280000-memory.dmp

Filesize
192KB

Download
memory/3760-1351-0x00007FFB200E0000-0x00007FFB200F0000-memory.dmp

Filesize
64KB

Download
memory/4644-1346-0x0000000000200000-0x0000000000235000-memory.dmp

Filesize
212KB

Download
memory/4644-1255-0x0000000073710000-0x0000000073920000-memory.dmp

Filesize
2.1MB

Download
memory/4644-1206-0x0000000073710000-0x0000000073920000-memory.dmp

Filesize
2.1MB

Download
memory/4644-1205-0x0000000000200000-0x0000000000235000-memory.dmp

Filesize
212KB

Download
memory/5076-14-0x00007FFB10F90000-0x00007FFB11246000-memory.dmp

Filesize
2.7MB

Download
memory/5076-15-0x00007FFAFEB00000-0x00007FFAFFBB0000-memory.dmp

Filesize
16.7MB

Download
memory/5076-12-0x00007FF640130000-0x00007FF640228000-memory.dmp

Filesize
992KB

Download
memory/5076-13-0x00007FFB14F60000-0x00007FFB14F94000-memory.dmp

Filesize
208KB

Download